Wednesday, March 22, 2017

Dell E5450 Bricked after applying CCTK.exe command

Dell E5450 Bricked after applying CCTK.exe command

Dell E5450 with i3 Processors a CCTK.exe warning

We recently had our E5450 Latitude failing to post following a stand SCCM Window Task Sequence. It was collected for diagnosis and motherboard swap out. While no diagnosis was performed (pointless sending away) we was returned within a few days with a new motherboard.

Upon receiving it I cautiously rebuilt it with success with a cut down version of the task sequence; I have simply installed the Windows Image (WIM) and driver package. Upon introducing additional steps to the SCCM task sequence I see a complete failure of the BIOS as previously experienced.

The failed post was the result of CCTK.EXE modifying BIOS settings.

We are using the latest version of CCTK 3.2 with the following commands;

cctk --secureboot=enable --valsetuppwd=PASSWORD

cctk --wakeonlan=enable --valsetuppwd=PASSWORD

cctk --uefinwstack=enable --valsetuppwd=PASSWORD

cctk --embsataraid=ahci --valsetuppwd=PASSWORD

cctk --tpm=on --valsetuppwd=PASSWORD

cctk --tpmactivation=activate --valsetuppwd=PASSWORD

cctk --virtualization=enable --valsetuppwd=PASSWORD

cctk --vtfordirectio=on --valsetuppwd=PASSWORD

cctk --trustexecution=on --valsetuppwd=PASSWORD

cctk --autoon=disable --valsetuppwd=PASSWORD

After analysis and discussion with Dell product groups they found that CCTK is forcefully arming TrustExecution in a way that conflicts the chain of trust. The basis of this is because the i3 CPUs within that unit model do not fully support Trust Execution which has been causing the NO POST via the CPU failure.

When this happens its driving the first measurement of the CPU to validate the signed module which isn’t supported (PCR 0 which holds the Core Root of Trust Measurement (CRTM). The issue was not replicated on any i5 or i7 systems we have in our lab.

Moving Forward; Dell recommend any units in a failed state have the motherboard replaced and to remove TrustExecution Command from your CCTK.ini